Introduction

If your organization is interested in using a VPN client, but you are concerned about allowing clients' personal computers into your network when you have no control over what they are running on their PCs, then Check Point solves this problem by giving you control of your remote users' desktop security. You can configure specific properties for your mobile users' desktops, which could include prohibiting connections to their PC when they have the remote software running. That way, if they are running a Web server on their PC, you do not have to worry about their server being compromised while they have a connection into your private network.

SecureClient software operates exactly like the SecuRemote software package that we discussed in the previous chapter. The only difference is that you choose to install it with desktop security. This feature provides a personal firewall on your mobile users' PCs, which you control via the FireWall-1 Policy Editor. Within the Policy Editor, you can define detailed policies that the SecureClient downloads when they log in to your firewall's Policy Server.

We will show you how to install and configure a Policy Server in this chapter, and how to configure different desktop policies for your users. A policy server can reside on one of your firewall modules, or it can be set up as a separate server to strictly enforce clients' security policies.

After describing the Policy Server to you in full detail, we will then show you how to install the...